Adding an application firewall rule to both private and public networks via win7 FirewallAPI

Solution 1

My answer is from David's answer but more detail. And fix problem about setting Localports. You need to setting Protocol before setting Localports. More detail is bellow:

the first, you need to import reference FirewallAPI.dll. It's in "C:\Windows\System32\FirewallAPI.dll" then:

using NetFwTypeLib;

and insert code into your:

        Type tNetFwPolicy2 = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
        INetFwPolicy2 fwPolicy2 = (INetFwPolicy2)Activator.CreateInstance(tNetFwPolicy2);
        var currentProfiles = fwPolicy2.CurrentProfileTypes;

        // Let's create a new rule
        INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
        inboundRule.Enabled = true;
        //Allow through firewall
        inboundRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
        //Using protocol TCP
        inboundRule.Protocol = 6; // TCP
        //Port 81
        inboundRule.LocalPorts = "81";
        //Name of rule
        inboundRule.Name = "MyRule";
        // ...//
        inboundRule.Profiles = currentProfiles;

        // Now add the rule
        INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
        firewallPolicy.Rules.Add(inboundRule);

Solution 2

I think your best bet is to talk to the Windows Firewall with Advanced Security API.

A quick google for "C# INetFwRule2" will show you numerous examples of how to register or update a Firewall rule.

In order to add to both public and private policies i've used something along the lines of

Type tNetFwPolicy2 = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
INetFwPolicy2 fwPolicy2 = (INetFwPolicy2)Activator.CreateInstance(tNetFwPolicy2);
var currentProfiles = fwPolicy2.CurrentProfileTypes;

// Let's create a new rule

INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
inboundRule.Enabled = true;
inboundRule.LocalPorts = "1234";
inboundRule.Protocol = 6; // TCP
// ...
inboundRule.Profiles = currentProfiles;

// Now add the rule

INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);

Solution 3

This page doesn't say this has been answered and is old, so just in case, for future use, I'll answer this.

First, import reference FirewallAPI.dll, located at "C:\Windows\System32\FirewallAPI.dll", then add the using directive

using NetFwTypeLib;

The inboundRule.Profiles property seems to be classified as a set of flags with the following values (the property's type is an int, so i made an enum):

public enum FirewallProfiles
{
    Domain = 1,
    Private = 2,
    Public = 4
}

So, with that code, we can change the Profiles to the following:

// Create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwRule"));
// Enable the rule
inboundRule.Enabled = true;
// Allow through firewall
inboundRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
// Using protocol TCP
inboundRule.Protocol = 6; // TCP
// Set port number
inboundRule.LocalPorts = "1234";
// Name of rule
inboundRule.Name = "Name Of Firewall Rule";
// Set profiles
inboundRule.Profiles = (int)(FirewallProfiles.Private | FirewallProfiles.Public);

// Add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);

Or you could change inboundRule.Profiles to an int value.

Two notes:

1: If you don't run this code under administrative privilege's,

firewallPolicty.Rules.Add(inboundRule);

will throw an exception.

2: inboundRule.Profiles must be between values 1 and 7. Otherwise, it will throw an exception

inboundRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;

Author by

Oyiwai

Updated on July 09, 2022